CVE-2023-46453
critical
CVSS 9.8
SQL Injection in network-device (CVE-2023-46453)
Summary
SQL injection in network-device (CVE-2023-46453). Successful exploitation can lead to full system takeover.
AI summary (openai / gpt-4o)
There is a significant risk in GL.iNet devices running 4.x firmware. By exploiting this flaw, attackers can improperly gain administrator access to the device using specially crafted strings. This could lead to data breaches and misuse of the system. No specific patch has been provided yet, so extra caution is needed. Similar past vulnerabilities have resulted in data leaks.
An authentication bypass vulnerability has been discovered in GL.iNet firmware 4.x; models such as the GL-MT3000 and GL-AR300M are affected. The issue arises because a username can be supplied that is valid both as an SQL statement and as a regular expression, allowing unauthorized access. Attackers can potentially gain administrative control, threatening system integrity. Currently no effective patch is available and no specific workaround has been provided. Pattern-matching detection, through A/B testing or a WAF, is recommended for detecting attacks.
❓ What is the problem
Authentication bypass by exploiting username input that acts both as an SQL statement and as a regular expression
📍 Affected scope
GL.iNet devices with 4.x firmware
🔥 Severity
Critical, CVSS score 9.8 (network attack, no authentication required, no user interaction required)
🔧 How to fix
No patch available
🛡️ Workaround
No specific workaround available
🔍 Detection
Consider using a WAF for pattern-matching detection
Related past incidents
Similar incidents extracted from past CVEs
An earlier major security flaw that allowed remote attackers to read memory at the encryption-library level, leading to critical data compromise.
A remote code execution vulnerability in the Drupal CMS that was also rated critical.
A critical vulnerability in Apache Log4j allowing remote code execution, of similar severity.
If this happens at your company
Expected impact per business scenario
📌 E-commerce site utilizing GL.iNet routers for network infrastructure.
Could allow attackers to remotely gain administrative access, steal customer data, or disrupt sales operations.
📌 Company internal system relying on affected firmware for secure connections.
Potential unauthorized access to sensitive internal data, risking company confidentiality and integrity.
📌 Home users using these routers for personal network security.
Compromise of personal data and misuse of internet-connected devices, posing privacy threats.
Recommended action
Heighten security measures such as a WAF and log monitoring for unusual patterns, and restrict router access points while awaiting an official patch.
Response Actions (7 steps)
Concrete steps and command examples for SOC/SRE teams to execute in order
1. Identify exposure (identify)
Audit the SBOM/dependencies for affected components. Identify the affected components in the dependency manifest.
7. Post-deployment verification (verify)
Confirm the patched version is live in production. After applying the patch, reproduce the PoC or an equivalent exploitation pattern in staging to confirm the vulnerability is closed. In production, keep monitoring with the same log query as in Step 3 to verify that the alert does not recur.